Authentication controls who accesses your API and when. It is the core of any data protection and security strategy and a key part of your user experience. Authentication can range from simple email and password, to two-factor authentication, to linking with physical biometric devices.
AWS Cognito
Auth0
Azure Active Directory
Business logic is the core of any API. It is the code specific to your use case and your customers, the code that makes your company what it is. Business logic is also often the hardest to write, as no one will have done it before.
Express
Django
Nest.js
One of the easiest ways to speed up response times for a read-heavy API is with a cache. Caches save an API response for a limited period of time, then return that to users instead of calling a database or I/O-intensive function again. They are not a cure-all, but for content-management systems, research databases, or similar they can be a massive help.
Redis
Cloudflare
CloudFront
Deploying an API is no simple matter. There are a number of different deployment tools like Docker, Terraform, CloudFormation, etc. Each focuses on a particular bit of deployment from setting up cloud resources to isolating your micro-services.
Terraform
Serverless
CloudFormation
If you do not document your API, your users will not know how to use it. A simple idea, but difficult to implement when you have dozens of API methods with multiple response and request objects. Scalable documentation is built into APIs from the ground up and supported by strong business processes in your development team.
Swagger
OpenAPI
AWS Cognito
When an error is reported, the first place any developer goes is the logs. They are critical for production-grade APIs, as bugs often happen in difficult-to-replicate scenarios. At scale, logging becomes a challenge in and of itself, with gigabytes of raw data being generated constantly.
Datadog
CloudWatch
Azure Application Insights
Networking is how we reach our API. As each API is different, there are a number of different ways to connect to an API. We can do it synchronously via REST and HTTPS or asynchronously via WebSockets. If we want to do both, we can even go for gRPC.
GraphQL
WebSockets
gRPC
You want to be confident your API works at scale. As APIs scale, manual testing becomes more and more unsustainable. If a new feature deploys, you need an automated way to test whether any previous features have been affected and whether the new feature works as expected.
Selenium
Postman
Apigee